On 2021/12/04 00:49, Theo Buehler wrote:
> No feedback. I'm going to commit this patch tomorrow.
OK. I've never used sshmitm though (and fortunately there aren't many
devices around that still use SSHv1 to test it with!)
> On Fri, Nov 26, 2021 at 09:18:21AM +0100, Theo Buehler wrote:
> > The build fix is relatively straightforward, mostly based on Debian's
> > patch set.
> >
> > https://sources.debian.org/patches/dsniff/2.4b1+debian-30/24_Fix-OpenSSL1.1.0-Build.patch/
> >
> > If anyone uses this, a quick test would be appreciated.
>
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/security/dsniff/Makefile,v
> retrieving revision 1.63
> diff -u -p -r1.63 Makefile
> --- Makefile 12 Jul 2019 20:49:01 -0000 1.63
> +++ Makefile 25 Nov 2021 22:35:42 -0000
> @@ -3,7 +3,7 @@
> COMMENT= sniffing tools for penetration testing
>
> DISTNAME= dsniff-2.3
> -REVISION= 16
> +REVISION= 17
> CATEGORIES= security
>
> MASTER_SITES= http://monkey.org/~dugsong/dsniff/
> Index: patches/patch-arp_c
> ===================================================================
> RCS file: patches/patch-arp_c
> diff -N patches/patch-arp_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-arp_c 25 Nov 2021 22:34:41 -0000
> @@ -0,0 +1,13 @@
> +$OpenBSD$
> +
> +Index: arp.c
> +--- arp.c.orig
> ++++ arp.c
> +@@ -32,6 +32,7 @@
> + #include <netinet/if_ether.h>
> + #include <stdio.h>
> + #include <stdlib.h>
> ++#include <string.h>
> + #include <unistd.h>
> +
> + #ifdef BSD
> Index: patches/patch-buf_c
> ===================================================================
> RCS file: patches/patch-buf_c
> diff -N patches/patch-buf_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-buf_c 25 Nov 2021 22:28:38 -0000
> @@ -0,0 +1,13 @@
> +$OpenBSD$
> +
> +Index: buf.c
> +--- buf.c.orig
> ++++ buf.c
> +@@ -12,6 +12,7 @@
> + #include <sys/types.h>
> + #include <stdio.h>
> + #include <stdlib.h>
> ++#include <string.h>
> + #include <stdarg.h>
> + #include <unistd.h>
> + #include <ctype.h>
> Index: patches/patch-ssh_c
> ===================================================================
> RCS file: patches/patch-ssh_c
> diff -N patches/patch-ssh_c
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-ssh_c 26 Nov 2021 07:04:59 -0000
> @@ -0,0 +1,161 @@
> +$OpenBSD$
> +
> +Based on https://sources.debian.org/patches/dsniff/2.4b1+debian-30/24_Fix-OpenSSL1.1.0-Build.patch/
> +
> +Index: ssh.c
> +--- ssh.c.orig
> ++++ ssh.c
> +@@ -13,6 +13,8 @@
> + #include <sys/param.h>
> + #include <sys/types.h>
> + #include <arpa/nameser.h>
> ++#include <openssl/err.h>
> ++#include <openssl/md5.h>
> + #include <openssl/ssl.h>
> + #include <openssl/rand.h>
> +
> +@@ -86,7 +88,7 @@ static u_int crc32_tab[] = {
> + static u_char pkt[4 + 8 + SSH_MAX_PKTLEN];
> +
> + static void
> +-put_bn(BIGNUM *bn, u_char **pp)
> ++put_bn(const BIGNUM *bn, u_char **pp)
> + {
> + short i;
> +
> +@@ -116,7 +118,7 @@ get_bn(BIGNUM *bn, u_char **pp, int *lenp)
> + }
> +
> + static u_char *
> +-ssh_session_id(u_char *cookie, BIGNUM *hostkey_n, BIGNUM *servkey_n)
> ++ssh_session_id(u_char *cookie, const BIGNUM *hostkey_n, const BIGNUM *servkey_n)
> + {
> + static u_char sessid[16];
> + u_int i, j;
> +@@ -231,7 +233,10 @@ SSH_accept(SSH *ssh)
> + u_char *p, cipher, cookie[8], msg[1024];
> + u_int32_t num;
> + int i;
> +-
> ++
> ++ const BIGNUM *servkey_e, *servkey_n;
> ++ const BIGNUM *hostkey_e, *hostkey_n;
> ++
> + /* Generate anti-spoofing cookie. */
> + RAND_bytes(cookie, sizeof(cookie));
> +
> +@@ -240,11 +245,13 @@ SSH_accept(SSH *ssh)
> + *p++ = SSH_SMSG_PUBLIC_KEY; /* type */
> + memcpy(p, cookie, 8); p += 8; /* cookie */
> + num = 768; PUTLONG(num, p); /* servkey bits */
> +- put_bn(ssh->ctx->servkey->e, &p); /* servkey exponent */
> +- put_bn(ssh->ctx->servkey->n, &p); /* servkey modulus */
> ++ RSA_get0_key(ssh->ctx->servkey, &servkey_n, &servkey_e, NULL);
> ++ put_bn(servkey_e, &p); /* servkey exponent */
> ++ put_bn(servkey_n, &p); /* servkey modulus */
> + num = 1024; PUTLONG(num, p); /* hostkey bits */
> +- put_bn(ssh->ctx->hostkey->e, &p); /* hostkey exponent */
> +- put_bn(ssh->ctx->hostkey->n, &p); /* hostkey modulus */
> ++ RSA_get0_key(ssh->ctx->hostkey, &hostkey_n, &hostkey_e, NULL);
> ++ put_bn(hostkey_e, &p); /* hostkey exponent */
> ++ put_bn(hostkey_n, &p); /* hostkey modulus */
> + num = 0; PUTLONG(num, p); /* protocol flags */
> + num = ssh->ctx->encmask; PUTLONG(num, p); /* ciphers */
> + num = ssh->ctx->authmask; PUTLONG(num, p); /* authmask */
> +@@ -295,7 +302,7 @@ SSH_accept(SSH *ssh)
> + SKIP(p, i, 4);
> +
> + /* Decrypt session key. */
> +- if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) > 0) {
> ++ if (BN_cmp(servkey_n, hostkey_n) > 0) {
> + rsa_private_decrypt(enckey, enckey, ssh->ctx->servkey);
> + rsa_private_decrypt(enckey, enckey, ssh->ctx->hostkey);
> + }
> +@@ -315,8 +322,8 @@ SSH_accept(SSH *ssh)
> + BN_clear_free(enckey);
> +
> + /* Derive real session key using session id. */
> +- if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
> +- ssh->ctx->servkey->n)) == NULL) {
> ++ if ((p = ssh_session_id(cookie, hostkey_n,
> ++ servkey_n)) == NULL) {
> + warn("ssh_session_id");
> + return (-1);
> + }
> +@@ -325,10 +332,8 @@ SSH_accept(SSH *ssh)
> + }
> + /* Set cipher. */
> + if (cipher == SSH_CIPHER_3DES) {
> +- ssh->estate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
> +- ssh->dstate = des3_init(ssh->sesskey, sizeof(ssh->sesskey));
> +- ssh->encrypt = des3_encrypt;
> +- ssh->decrypt = des3_decrypt;
> ++ warnx("cipher 3des no longer supported");
> ++ return (-1);
> + }
> + else if (cipher == SSH_CIPHER_BLOWFISH) {
> + ssh->estate = blowfish_init(ssh->sesskey,sizeof(ssh->sesskey));
> +@@ -354,7 +359,10 @@ SSH_connect(SSH *ssh)
> + u_char *p, cipher, cookie[8], msg[1024];
> + u_int32_t num;
> + int i;
> +-
> ++
> ++ BIGNUM *servkey_n, *servkey_e;
> ++ BIGNUM *hostkey_n, *hostkey_e;
> ++
> + /* Get public key. */
> + if ((i = SSH_recv(ssh, pkt, sizeof(pkt))) <= 0) {
> + warn("SSH_recv");
> +@@ -376,21 +384,23 @@ SSH_connect(SSH *ssh)
> +
> + /* Get servkey. */
> + ssh->ctx->servkey = RSA_new();
> +- ssh->ctx->servkey->n = BN_new();
> +- ssh->ctx->servkey->e = BN_new();
> ++ servkey_n = BN_new();
> ++ servkey_e = BN_new();
> ++ RSA_set0_key(ssh->ctx->servkey, servkey_n, servkey_e, NULL);
> +
> + SKIP(p, i, 4);
> +- get_bn(ssh->ctx->servkey->e, &p, &i);
> +- get_bn(ssh->ctx->servkey->n, &p, &i);
> ++ get_bn(servkey_e, &p, &i);
> ++ get_bn(servkey_n, &p, &i);
> +
> + /* Get hostkey. */
> + ssh->ctx->hostkey = RSA_new();
> +- ssh->ctx->hostkey->n = BN_new();
> +- ssh->ctx->hostkey->e = BN_new();
> ++ hostkey_n = BN_new();
> ++ hostkey_e = BN_new();
> ++ RSA_set0_key(ssh->ctx->hostkey, hostkey_n, hostkey_e, NULL);
> +
> + SKIP(p, i, 4);
> +- get_bn(ssh->ctx->hostkey->e, &p, &i);
> +- get_bn(ssh->ctx->hostkey->n, &p, &i);
> ++ get_bn(hostkey_e, &p, &i);
> ++ get_bn(hostkey_n, &p, &i);
> +
> + /* Get cipher, auth masks. */
> + SKIP(p, i, 4);
> +@@ -402,8 +412,8 @@ SSH_connect(SSH *ssh)
> + RAND_bytes(ssh->sesskey, sizeof(ssh->sesskey));
> +
> + /* Obfuscate with session id. */
> +- if ((p = ssh_session_id(cookie, ssh->ctx->hostkey->n,
> +- ssh->ctx->servkey->n)) == NULL) {
> ++ if ((p = ssh_session_id(cookie, hostkey_n,
> ++ servkey_n)) == NULL) {
> + warn("ssh_session_id");
> + return (-1);
> + }
> +@@ -419,7 +429,7 @@ SSH_connect(SSH *ssh)
> + else BN_add_word(bn, ssh->sesskey[i]);
> + }
> + /* Encrypt session key. */
> +- if (BN_cmp(ssh->ctx->servkey->n, ssh->ctx->hostkey->n) < 0) {
> ++ if (BN_cmp(servkey_n, hostkey_n) < 0) {
> + rsa_public_encrypt(bn, bn, ssh->ctx->servkey);
> + rsa_public_encrypt(bn, bn, ssh->ctx->hostkey);
> + }
> Index: patches/patch-sshcrypto_c
> ===================================================================
> RCS file: /cvs/ports/security/dsniff/patches/patch-sshcrypto_c,v
> retrieving revision 1.3
> diff -u -p -r1.3 patch-sshcrypto_c
> --- patches/patch-sshcrypto_c 29 May 2015 15:57:29 -0000 1.3
> +++ patches/patch-sshcrypto_c 26 Nov 2021 07:06:11 -0000
> @@ -1,6 +1,13 @@
> $OpenBSD: patch-sshcrypto_c,v 1.3 2015/05/29 15:57:29 jca Exp $
> ---- sshcrypto.c.orig Tue Nov 28 22:23:28 2000
> -+++ sshcrypto.c Fri May 29 17:56:22 2015
> +
> +Use DES API instead of des
> +
> +OpenSSL 1.1 API conversion based on
> +https://sources.debian.org/patches/dsniff/2.4b1+debian-30/24_Fix-OpenSSL1.1.0-Build.patch/
> +
> +Index: sshcrypto.c
> +--- sshcrypto.c.orig
> ++++ sshcrypto.c
> @@ -15,7 +15,9 @@
> #include <sys/types.h>
> #include <openssl/ssl.h>
> @@ -22,7 +29,33 @@ $OpenBSD: patch-sshcrypto_c,v 1.3 2015/0
> };
>
> void
> -@@ -153,13 +155,13 @@ des3_init(u_char *sesskey, int len)
> +@@ -37,10 +39,12 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
> + u_char *inbuf, *outbuf;
> + int len, ilen, olen;
> +
> +- if (BN_num_bits(key->e) < 2 || !BN_is_odd(key->e))
> ++ const BIGNUM *n, *e;
> ++ RSA_get0_key(key, &n, &e, NULL);
> ++ if (BN_num_bits(e) < 2 || !BN_is_odd(e))
> + errx(1, "rsa_public_encrypt() exponent too small or not odd");
> +
> +- olen = BN_num_bytes(key->n);
> ++ olen = BN_num_bytes(n);
> + outbuf = malloc(olen);
> +
> + ilen = BN_num_bytes(in);
> +@@ -69,7 +73,9 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
> + u_char *inbuf, *outbuf;
> + int len, ilen, olen;
> +
> +- olen = BN_num_bytes(key->n);
> ++ const BIGNUM *n;
> ++ RSA_get0_key(key, &n, NULL, NULL);
> ++ olen = BN_num_bytes(n);
> + outbuf = malloc(olen);
> +
> + ilen = BN_num_bytes(in);
> +@@ -153,13 +159,13 @@ des3_init(u_char *sesskey, int len)
> if ((state = malloc(sizeof(*state))) == NULL)
> err(1, "malloc");
>
> @@ -40,7 +73,7 @@ $OpenBSD: patch-sshcrypto_c,v 1.3 2015/0
>
> memset(state->iv1, 0, 8);
> memset(state->iv2, 0, 8);
> -@@ -175,9 +177,9 @@ des3_encrypt(u_char *src, u_char *dst, int len, void *
> +@@ -175,9 +181,9 @@ des3_encrypt(u_char *src, u_char *dst, int len, void *
> estate = (struct des3_state *)state;
> memcpy(estate->iv1, estate->iv2, 8);
>
> @@ -53,7 +86,7 @@ $OpenBSD: patch-sshcrypto_c,v 1.3 2015/0
> }
>
> void
> -@@ -188,7 +190,7 @@ des3_decrypt(u_char *src, u_char *dst, int len, void *
> +@@ -188,7 +194,7 @@ des3_decrypt(u_char *src, u_char *dst, int len, void *
> dstate = (struct des3_state *)state;
> memcpy(dstate->iv1, dstate->iv2, 8);
>
>
No comments:
Post a Comment